[Freeswitch-users] Wrong IP on ACK?
David Aldworth
daldworth at teliax.com
Wed Nov 19 06:05:15 PST 2008
We're still having a problem with this. As you can see from the below
the ACK goes to the port in the Contact field of the 200 OK instead of
that of the UDP header, which is where their router is expecting to
get the call from.
Help!
David
On Nov 6, 2008, at 10:55 AM, David Aldworth wrote:
> No love. They set extern ip so the IP comes through correctly, but
> the acl did not seem to have any affect. We are still sending to the
> wrong port. Sip trace, acl.conf.xml and sip profile are below:
>
> U 2008/11/06 10:46:01.924795 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 100 Trying.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.931791 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.932294 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Type: application/sdp.
> Content-Length: 257.
> .
> v=0.
> o=root 2901 2901 IN IP4 70.88.65.1.
> s=session.
> c=IN IP4 70.88.65.1.
> t=0 0.
> m=audio 19378 RTP/AVP 0 8 3 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> U 2008/11/06 10:46:01.932694 70.42.223.23:5060 -> 70.88.65.1:5060
> ACK sip:317376XXXX at 70.88.65.1 SIP/2.0.
> Via: SIP/2.0/UDP 70.42.223.23;rport;branch=z9hG4bKvgXZ279c41Xcc.
> Max-Forwards: 70.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 ACK.
> Contact: <sip:mod_sofia at 70.42.223.23:5060>.
> Content-Length: 0.
>
>
> Here is the acl:
>
> <configuration name="acl.conf" description="Network Lists">
> <network-lists>
> <list name="dl-candidates" default="allow">
> <node type="deny" cidr="10.0.0.0/8"/>
> <node type="deny" cidr="172.16.0.0/12"/>
> <node type="deny" cidr="192.168.0.0/16"/>
> </list>
> <list name="rfc1918" default="deny">
> <node type="allow" cidr="10.0.0.0/8"/>
> <node type="allow" cidr="172.16.0.0/12"/>
> <node type="allow" cidr="192.168.0.0/16"/>
> </list>
> <list name="lan" default="allow">
> <node type="deny" cidr="192.168.42.0/24"/>
> <node type="allow" cidr="192.168.42.42/32"/>
> </list>
> <list name="strict" default="deny">
> <node type="allow" cidr="208.102.123.124/32"/>
> </list>
> <list name="domains" default="deny">
> <node type="allow" domain="$${domain}"/>
> </list>
> <list name="nat" default="allow">
> <node type="allow" cidr="0.0.0.0/0"/>
> </list>
> </network-lists>
> </configuration>
>
>
> And here is the sip profile:
>
> <profile name="external">
>
> <gateways>
> <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
> </gateways>
>
> <domains>
> <domain name="$${domain}" parse="true"/>
> </domains>
>
> <settings>
> <param name="debug" value="0"/>
> <param name="sip-trace" value="no"/>
> <param name="rfc2833-pt" value="101"/>
> <param name="sip-port" value="5060"/>
> <param name="dialplan" value="XML"/>
> <param name="context" value="public"/>
> <param name="dtmf-duration" value="100"/>
> <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
> <param name="hold-music" value="$${hold_music}"/>
> <param name="use-rtp-timer" value="true"/>
> <param name="rtp-timer-name" value="soft"/>
> <param name="multiple-registrations" value="true"/>
> <param name="manage-presence" value="true"/>
> <param name="aggressive-nat-detection" value="true"/>
> <param name="NDLB-force-rport" value="true"/>
> <param name="inbound-codec-negotiation" value="generous"/>
> <param name="nonce-ttl" value="60"/>
> <param name="auth-calls" value="true"/>
> <param name="rtp-timeout-sec" value="1800"/>
> <param name="rtp-ip" value="$${local_ip_v4}"/>
> <param name="sip-ip" value="$${local_ip_v4}"/>
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
> <param name="rtp-timeout-sec" value="300"/>
> <param name="rtp-hold-timeout-sec" value="1800"/>
> <param name="apply-nat-acl" value="nat"/>
> </settings>
> </profile>
>
>
>
>
>
>
> On Nov 6, 2008, at 8:37 AM, Anthony Minessale wrote:
>
>> doh,
>> I keep doing that sorry.
>>
>> apply-nat-acl not apply_nat_acl
>>
>>
>>
>> On Thu, Nov 6, 2008 at 8:22 AM, David Aldworth
>> <daldworth at teliax.com> wrote:
>> Yes. Below are settings that have been persistent through recent
>> testing. Is there anything else we can try or should we open a jira?
>>
>> <settings>
>> <param name="debug" value="0"/>
>> <param name="sip-trace" value="no"/>
>> <param name="rfc2833-pt" value="101"/>
>> <param name="sip-port" value="5060"/>
>> <param name="dialplan" value="XML"/>
>> <param name="context" value="public"/>
>> <param name="dtmf-duration" value="100"/>
>> <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>> <param name="hold-music" value="$${hold_music}"/>
>> <param name="use-rtp-timer" value="true"/>
>> <param name="rtp-timer-name" value="soft"/>
>> <param name="multiple-registrations" value="true"/>
>> <param name="manage-presence" value="true"/>
>> <param name="aggressive-nat-detection" value="true"/>
>> <param name="NDLB-force-rport" value="true"/>
>> <param name="inbound-codec-negotiation" value="generous"/>
>> <param name="nonce-ttl" value="60"/>
>> <param name="auth-calls" value="true"/>
>> <param name="rtp-timeout-sec" value="1800"/>
>> <param name="rtp-ip" value="$${local_ip_v4}"/>
>> <param name="sip-ip" value="$${local_ip_v4}"/>
>> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>> <param name="rtp-timeout-sec" value="300"/>
>> <param name="rtp-hold-timeout-sec" value="1800"/>
>> <param name="apply_nat_acl" value="nat"/>
>> </settings>
>>
>> On Nov 6, 2008, at 7:01 AM, Anthony Minessale wrote:
>>
>>> did you remember to add
>>> <param name="apply_nat_acl" value="nat"/>
>>> to the profile in question and restart?
>>>
>>> On Wed, Nov 5, 2008 at 10:39 PM, David Aldworth <daldworth at teliax.com
>>> > wrote:
>>> Brian, we updated the acl to:
>>>
>>> <list name="nat" default="allow">
>>> <node type="allow" cidr="0.0.0.0/0"/>
>>> </list>
>>>
>>> And the ACK is still going to the wrong (right but wrong) ip/port.
>>>
>>> Is there any way to get that ACK to go to the ip/port of the UDP
>>> header?
>>>
>>> David
>>>
>>> On Nov 5, 2008, at 4:21 PM, Brian West wrote:
>>>
>>> > 0.0.0.0/0 should match all IP space.
>>> >
>>> > /b
>>> >
>>> > On Nov 5, 2008, at 5:16 PM, David Aldworth wrote:
>>> >
>>> >> Anthony, In hopes of matching all IP's we added a very simple:
>>> >>
>>> >> <list name="nat" default="allow">
>>> >> </list>
>>> >>
>>> >> To the acl.conf.xml and we added:
>>> >>
>>> >> <param name="apply_nat_acl" value="nat"/>
>>> >>
>>> >> To the sip profile. Unfortunately there was no affect. What
>>> would be
>>> >> the correct acl to match all IP's?
>>> >>
>>> >> David
>>> >
>>> >
>>> > _______________________________________________
>>> > Freeswitch-users mailing list
>>> > Freeswitch-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> > http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>> --
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>> ClueCon http://www.cluecon.com/
>>>
>>> AIM: anthm
>>> MSN:anthony_minessale at hotmail.com
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>> sip:888 at conference.freeswitch.org
>>> iax:guest at conference.freeswitch.org/888
>>> googletalk:conf+888 at conference.freeswitch.org
>>> pstn:213-799-1400
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>> Anthony Minessale II
>>
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>>
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>>
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> iax:guest at conference.freeswitch.org/888
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:213-799-1400
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081119/f297e30d/attachment-0002.html
More information about the FreeSWITCH-users
mailing list